Doug OLeary wrote:
> Hi;
> In my free time, I've been studying openldap and the ppolicy overlay. I started working on password complexity today. While searching for information on implementing complexity, I ran across the link immediately following which seems to indicate that openldap honors the settings in /etc/pam.d/password-auth.

No, that's not what that thread says at all.

> I tried configuring that on a test kvm and can't even get it working with local accounts so obviously I borked something in the password-auth file - like maybe not even the right pam.d file; however, before I spend a whole lot of time troubleshooting this, is my understanding accurate? Will openldap honor the settings in pam.d?

No, OpenLDAP doesn't know anything about PAM settings. All that that thread is saying is that you must configure PAM correctly if you want PAM to enforce password quality *when you change passwords using PAM*.
If you change LDAP passwords via LDAP, PAM is nowhere in the picture.

> It seems that'd be a whole lot cleaner and more supportable than compiling a specialized password checking module.
> Any info greatly appreciated. Thanks for your time.